Qubes-vpn-support contains an automatic firewall script that will make a
dedicated VPN VM fail closed, and also prevent DNS queries and other
info from leaking--whether your VPN client of choice is working or has
gone down. Attempts to go around a failed VPN tunnel by Tor, for
instance, shouldn't work.

Check it out here:
https://github.com/ttasket/Qubes-vpn-support

An openvpn handler script is also included to make DNS work when the VPN
tunnel comes up.

Neither the firewall nor the handler requires editing before normal use,
and they'll work whether you use IP addresses or regular domain names
for your VPN connection. This helps eliminate some very error-prone
steps from the setup process.

This firewall basically implements the "_full solution_" described by
Patrick[1]. Testing is still underway to make sure there are no leaks
under varying circumstances, though it's looking very promising so far.

If any of you would like to try out the VPN Support scripts and put them
to the test, I'd love to get your feedback either here or on github.

Regards,
Chris/tasket

[1] https://groups.google.com/d/msgid/qubes-devel/5733D91C.6030300%40riseup.net